On September 11, 2023, Kaspersky published an analysis of the Cuba ransomware gang's recent activity, including an update to its Burntcigar malware. Researchers identified the new strain in one of their clients' environments in December 2022. It is believed capable of bypassing the detection tools of most security providers.
“Our latest findings highlight the importance of access to the latest reports and intelligence on threats. Ransomware gangs like Cuba evolve rapidly, while sharpening their edge, therefore it is essential to stay ahead of the curve to effectively counter potential attacks,” points out Gleb Ivanov, cybersecurity expert with Kaspersky.
Cuba is a Russian-speaking group with a particularly wide array of victims. It targets a variety of sectors (retail, finance, logistics, government agencies, manufacturing) in North America, Europe, Asia and Oceania. The gang uses a mix of public and proprietary tools to deploy its unique ransomware strain, which is very hard to detect because it runs without additional libraries.
Cuba regularly updates its malware tools and uses the "Bring Your Own Vulnerable Driver" (BYOVD) tactic. The group practices double extortion: it both encrypts and steals data, and therefore favors sensitive data such as financial documents, bank statements, corporate accounts and source code.